first of all I want to thank you for your great work. I had tried to put up some MySQL gui before - but due to my limited time never came to the point where I trusted my code enough to use it for a live system

Dear Xataface community,

up till now a have read a lot in this forum but never been active myself. Since everyone using a system like Xataface has different needs I now want to share my experience on the topic stated above since that was one of my primary concerns.After realizing the power of Xataface I was facing the problem that I had many related tables with some of them containing sensible data not to be exposed to the public. After reading about Xataface permissions I found that the mechanism provided by conf.ini with [_tables], [_disallowed_tables] and [_allowed_tables] would be the top level/most secure one. But this mechanism seemed to be static. Working with the Xataface 1.3.2 code I found the following solution to my needs especially providing a consistant Xataface gui by using conf/ApplicationDelegate.php class:

together with listing all my tables under [_disallowed_tables] in the conf.ini and only my Dashboard under [_tables]. The fine grained access control on the exposed tables is done by Xatafaces permission system using table delegate classes.

=> This solution works really flawless with Xataface 1.3.2.

After my system grew in the past months I noticed an annoying problem. Using MySQL views to filter data - meaning the views are not complex representing one single table and for this reason are still writeable - creating new records behaves bad. After entering the record data a click to the save button leeds to an empty result set with the message: record created/saved successfully. no record matching criteria found. If I click on the find action I notice that the auto_increment value of the primary key is in this case not handled correctly. The find form indicates for the ID field just = meaning the new ID is not passed to xataface at all. This happens in all combinations fields.ini key=PRI together with widget:type=static/hidden/... . The same setup working on the original table not the view works flawlessly. Since I was not finding any information about this issue I wanted to try Xataface SVN since I thouhgt, maybe this problem is already solved there. So I setup xataface_svn together with the svn g2 module.

=> Surprise! This solution is not working with the new Xataface SVN!!!=> Further reading and trying to unserstand the code even more brouhgt me to this other solution which seems to be the more intended way.=> But this new solution needs a minor patch of the XatafaceSVN code.

Looking at Dataface/Application.php shows that there ist another delegate function called conf(). Seems to be the right place for the things I did in first place. So I changed my conf/ApplicationDelegate.php:

This worked in conjunction with the g2 module but at all places except the upper navigation menu instead of the table names the table ids like tbl_... got used. Disabling the g2 module made the menu disappear in the old layout. A little debugging showed me that Xataface ist using _table, _conf['_table'] and con() a little bit unconsistantly. (at least to my pure understanding of Xataface code) The desired result ist finally consisntantly achieved by patching the original Dataface/Application.php: function display() in the following way:

function display($main_content_only=false, $disableCache=false){ // ---------------- Set the Default Character set for output ----------- //!PATCH! comment out the following three lines and copy them to the new location //foreach ($this->_tables as $key=>$value){ // $this->_tables[$key] = $this->_conf['_tables'][$key] = df_translate('tables.'.$key.'.label', $value); //}

P.S.: Finally I'd like to ask one question by myself:I noticed that the new g2 look&feel seems to be missing some features. E.g. in the result list I find no pages links and cannot adapt the number of elements per page. Is this functionality in the g2 still missing or do I have to update some settings (permissions.ini, conf.ini / [_prefs]) ?

P.P.S: If someone has an idea how to make inserting records into views work I would be really interested since this was my original intention playing with the xataface code;-)

Last edited by t.peichl on Sun Jan 06, 2013 1:27 pm, edited 1 time in total.

I noticed that the new g2 look&feel seems to be missing some features. E.g. in the result list I find no pages links and cannot adapt the number of elements per page. Is this functionality in the g2 still missing or do I have to update some settings (permissions.ini, conf.ini / [_prefs]) ?

Are you looking for the options to change the number of records per page? These are still there but hidden. You need to click on the text that says "0 to 30" (i.e. where it says which records are showing now. This will pop up a little dialog to change the number of records shown per page or skip to another start position.

If someone has an idea how to make inserting records into views work I would be really interested since this was my original intention playing with the xataface code;-)

Getting views to work depends on the view. Auto-increment fields is an easy fix. You need to tell Xataface which fields are autoincrement in the fields.ini file (it doesn't know this by default for views). Just add the following to the fields.ini file:

Are you looking for the options to change the number of records per page? These are still there but hidden. You need to click on the text that says "0 to 30" (i.e. where it says which records are showing now. This will pop up a little dialog to change the number of records shown per page or skip to another start position.

Exactly, that was what I'm looking for and it's even more convenient this way.

I have the same problem as t.peich: After upgrading to 2.0alpha1+g2 module I can't hide (unset) tables through ApplicationDelegate.php. I've reduced the code because it disables or enables tables depending on user:

This section of code shouldn't be in the getPermissions() method. It should be in the beforeHandleRequest() method of the application delegate class. This will guarantee that it is only run once per request.

The G2 module works a little differently. Your disallowed tables call should be working correctly though. E.g. if you actually try to click on the table in question, it should give you an error of some kind.

As for removing the menu item, G2 converts the table menu items into actions and this has already occurred by the time this code runs (it happens as soon as the module loads). This makes it significatly easier to add menu items to the top left (The category is "top_left_menu_bar"). However, removing the items needs to be done, now via the getNavItem() delegate class method.http://xataface.com/wiki/getNavItem